Squid HTTS User Certificates



  • Hi, I have Squid and SquidGuard configured and running in PFsense 2.4.4 with HTTPS filtering,
    I have installed the certificates on Windows and everything works.
    I have the problem at www where they use personal or business certificates such as www from the state to view private information or perform some paperwork.
    The www should ask for the certificate installed in each client, but it does not ask for it or it gives an error 403 .... without HTTPS filter it worked well ...
    I imagine this has to be a global problem, what can be the solution?
    Thank you.

    08a310e9-3ba3-4e22-94f9-f26424ca4525-image.png



  • While I don't fully understand your problem, your description is not how https works. The website does not reach out to the client and get a certificate from the client. You have it entirely backwards. You request from squid and squid gives you its certificate. Squid requests from the website. The website responds with its certificate and squid checks if it's valid, then squid passes the page contents to you. If it is working everywhere else except this one site, then the problem is with that one site. Perhaps they have an in valid certificate? I don't know as I can't read that text of the error and I'm not going to type all that into a translator.



  • @KOM Thanks!!
    I know it's not very well explained.
    But the problem is on the web where a personal or business certificate is used, in my country these certificates will be used to make official procedures,
    The problem with Squid HTTPS, these websites do not get to ask me for the personal or company certificate, they fail.
    I have made it work by adding an ALIASES to the websites that give me an error and adding the ALIAS to the Proxy Bypass ...
    Thanks!!!



  • Ah, now I understand. I'm not from a country that enforces user certs for dealing with government.

    Glad to hear you got it working now.


Log in to reply